[ Posted by James Harton ]
The project I'm working on requires some pretty fancy twiddling of IP addresses and prefixes, so I've slowly been adding functionality to Ruby's IPAddr class. Here's a couple of new features;
You can download the whole file from gist.github.com
[ Posted by James Harton ]
Around the end of last year I wrote a IP and IPv6 flow handler in Pike for some packet analysis I wanted to do.
The code is available here under the GNU LGPL.
It's simple to use, and there is a demonstration app which simply keeps track of all your flows and periodically prints out all your active connections:
Just take a look at flow.pike in the archive. The important part being void capture_cb(). It takes the packet from libpcap and explodes it with the Ethernet.Frame module, it then takes a look at the frame type. It passes IP packets to either IP.v4.Packet or IP.v6.Packet and then on to IP.Flow.Engine for processing into a flow. Something I threw in to show how easy it is to work with is de-encapsulation of 6to4 packets from within IPv4 packets.
I should write some documentation, but in the mean time just email me if you have questions. Thanks to Bill for Public.Network.Pcap.
